Doing a selective mobile device backup that separates work data and personal data can't be done, but perhaps not for the reasons you think.

Doing a selective mobile device backup that separates work data and personal data can't be done, says analyst Jason Buffington, but perhaps not for the reasons you think.

Before I get started, let me define the two basic types of endpoint devices: consumption devices and creation devices.

Consumption devices are like e-readers that fetch data from a cloud repository. As long as there's a log-in screen that keeps someone who finds a lost device from ordering every book in the store, there isn't much risk in losing a consumption device. If it breaks, you replace it and re-sync the content. Even if the device is used for business, the corporate documents likely come from Dropbox, GoogleDocs, SkyDrive or a similar service that typically doesn't require explicit backups.

Creation devices can be used to create new content that might not exist elsewhere. Like consumption devices, creation devices often leverage online file-sharing services that can ensure data survives even if the device doesn't. In addition to the data files, the configuration of the device itself usually requires protection.

Depending on how you use a tablet, it may be a consumption device, a creation device or both, and you might use it for business and personal work.

Self-managed backups. I have the option of purchasing external storage (personally or through my company) and configuring built-in or third-party backup tools to regularly protect my data as well as the device's OS/app configuration. But frankly, if typical users did that, endpoint backup problems would have been solved years ago.

Self-managed cloud backups. I could use a combination of online file sharing and online backup services to ensure my data is synchronized to at least one cloud-based repository. These services usually don't protect the entire machine, so I risk running into problems because of a bad application or OS patch. More importantly, if I pay for the service myself and then leave the company, my employer won't have the original data on my machine or any of the backups. If my employer pays for the service, they'll likely have access to the backups of my work data and my personal data. I don't care if my employer sees pictures of my family or hears my favorite songs, but they shouldn't have access to information about the kids in the Scout units I serve.

Corporately managed backups. I could have my backups done through my company's data center backup software or its cloud-based services. This option presumes the company offers a capability to back up not only corporate-owned devices, but devices purchased by employees. And while it would be noble of my employer to back up a device it didn't pay for, the same issue of a company having access to personal or non-company data still exists. In addition, many IT-controlled endpoint services include the ability to remotely wipe my device if it's lost or stolen -- and you can't just wipe corporate data directories while leaving the rest intact.

To be clear, a company has the right and responsibility to ensure that its data is backed up; but it equally should not have the right to the personal data on that same device. There are niche scenarios that try to address this, such as remote desktop connectivity, in which a device has no corporate data on it. Instead, the user connects to a virtual machine within the company and works within a confined window. But that method negates why most employees choose to purchase their own device: to increase their productivity. Radically changing one's work style between opening a personal Word document on a device versus laboriously connecting to a remote desktop and launching Word inside of one window is a "non-starter" for most BYOD users.

The bad news is that your backup vendor may never be able to solve this BYOD backup problem for you (not alone, anyway). What's needed is a set of multiple personas or other means of differentiating data during a mobile device backup so business data is protected one way, and personal data is protected in another.

Perhaps backup vendors will develop better ways of selecting data directories within a device. But that will probably require a device-by-device configuration, where users or IT select the data manually -- and that isn't likely to happen. Years ago, laptop backups forced users to change their work styles with a promise of "If you put your data here, IT will back it up." But most users felt that was inconvenient, so the data didn't get protected. Over time, many of those offerings evolved so they can now discover and back up "My Documents" wherever that directory may be. But most tablet OSes don't offer even that granularity, and laptops running today's newer OS versions often have just a single MyDocs directory for data.

The real work needs to be done by Apple (iOS), Google (Android) and Microsoft (WindowsRT/Phone) to enable a file-system or directory structure with top-level directories that can be predictably identified by backup software. These directories would look something like "My Work Docs" or "My Personal Docs" without affecting the rest of the user's experience. Clicking a .doc file should open Word, regardless of which directory the file is in. The backup software client would then have the option of offering to protect work files, personal files, both or the whole machine.

Until then, your company will either have to trust you to back up its data for them or you'll have to trust the company not to read your personal data. Of course, you could just carry two devices. But who wants to Buy Your Own Device twice?

About the author:Jason Buffington is a senior analyst at Enterprise Strategy Group. He focuses primarily on data protection, as well as Windows Server infrastructure, management and virtualization. He blogs at CentralizedBackup.com and tweets as @Jbuff.

Join the conversation

1 comment

Register

I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

Your password has been sent to:

Please create a username to comment.

You bring up a great discussion that I find in my discussions while working for CommVault (full transparency) either doesn't come up until some backup option is selected and they learn the hard way then have to go back and try to rework things. Or it leads to inaction because they get into the spiral of complexity your raise or are scared of trying to change user behavior. It's important to bring these things up at the start of scoping in order to define the processes and needs that are most important and what can be accomplished in the organization's culture.

I particularly like the discussion when it comes to hybrid consumption and creation devices. I create, or more usually edit, things occasionally on my tablet that I want to protect, but I really don't need the whole thing protected, so I look for ways to get those onesy-twosey things back to somewhere to protect them.

I also find that there are ways to define policies about what and where is protected on a creation device, like a laptop, that don't require massive changes in user behavior (like defining: don't protect the "personal" folder) and can be done efficiently from a management perspective on a broad scale.

This market is rapidly evolving, and I have been struck by how more businesses are finally looking at what to do about all the data out there on creation devices and how they can help make it easier for their users to consumer it securely. Look forward to more discussions and focus on it and being a part in how the technologies are converging for making mobile work easier and safer.